Malware detection method based on HTTP behavior graph

A malware detection method, applied in the field of network security, that addresses the difficulty of distinguishing normal software from malware and the resulting poor classification, and achieves good classification with high accuracy.

Active Publication Date: 2019-03-26
SICHUAN UNIV

AI Technical Summary

Problems solved by technology

[0007] The object of the present invention is to provide a malware detection method based on an HTTP behavior graph, solving the problem that much current malware can generate legitimate HTTP traffic and issue requests periodically, which makes it harder to distinguish normal software from malware and leads to relatively poor classification.


Examples


Embodiment 1

[0056] The malware detection method based on an HTTP behavior graph provided by the preferred embodiment of the present invention comprises the following steps:

[0057] Step 1: Collect the HTTP traffic generated by malware and benign software;

[0058] Step 1.1: Use Cuckoo to build a sandbox that simulates the real environment in which the software is used;

[0059] Step 1.2: Put the collected malware and benign software into the sandbox in turn, and collect the traffic generated by the malware and benign software;

[0060] Step 1.3: Feed the collected Alexa top 10000 websites into the sandbox and collect their traffic in turn, as a supplement to the benign data;

[0061] Step 2: Use the collected traffic to build the corresponding HTTP behavior tree graph, as shown in Figure 2. Each tree of the behavior tree graph represents the HTTP behavior activities of the client in the sandbox, and the behavior tree graph includes a root node, a child node a...
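As an added illustration of Step 2 (not code from the patent): the excerpt is cut off before it says how nodes are linked, so this sketch assumes the client is the root and each request is attached under the earlier request named in its Referer header. The request records, their field layout and the structural summary are constructed for the example and are not the patent's feature set or its Graph Embedding step.

```python
# Constructed sample: (client_ip, method, url, referer) per HTTP request, in capture order.
SAMPLE_REQUESTS = [
    ("10.0.0.5", "GET", "http://news.example/", None),
    ("10.0.0.5", "GET", "http://news.example/app.js", "http://news.example/"),
    ("10.0.0.5", "GET", "http://cdn.example/lib.js", "http://news.example/"),
    ("10.0.0.5", "POST", "http://cdn.example/track", "http://cdn.example/lib.js"),
    ("10.0.0.5", "POST", "http://203.0.113.7/poll", None),
    ("10.0.0.5", "POST", "http://203.0.113.7/poll", None),
]


def build_behavior_trees(requests):
    """Return {client: tree}; each tree maps a node id to its list of child node ids."""
    trees = {}
    last_seen = {}  # (client, url) -> most recent node for that URL
    for idx, (client, method, url, referer) in enumerate(requests):
        tree = trees.setdefault(client, {"root": []})
        node = (idx, method, url)  # idx keeps repeated requests distinct
        tree[node] = []
        # Assumption: hang the request under the latest request whose URL
        # equals its Referer; with no (or an unseen) Referer it hangs
        # directly under the client root.
        parent = last_seen.get((client, referer), "root")
        tree[parent].append(node)
        last_seen[(client, url)] = node
    return trees


def tree_summary(tree):
    """Structural summary of one tree (hypothetical stand-in for node features)."""
    def depth(node):
        return 1 + max((depth(child) for child in tree[node]), default=0)

    nodes = [n for n in tree if n != "root"]
    posts = sum(1 for n in nodes if n[1] == "POST")
    return {
        "nodes": len(nodes),
        "depth": depth("root") - 1,           # edges on the longest root-to-leaf path
        "root_children": len(tree["root"]),   # requests with no known parent
        "post_ratio": posts / len(nodes) if nodes else 0.0,
    }


if __name__ == "__main__":
    for client, tree in build_behavior_trees(SAMPLE_REQUESTS).items():
        print(client, tree_summary(tree))
```

In the constructed sample, the page load forms one deep subtree under the root, while the two Referer-less POSTs to a bare IP sit directly under the root as repeated, parentless requests.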


Abstract

The invention discloses a malware detection method based on an HTTP behavior graph, belonging to the technical field of network security. The method comprises the following steps: building an HTTP behavior tree graph from the collected HTTP traffic of known malicious or benign software; then extracting features of each node in the behavior tree graph to generate a feature tree graph; then converting the feature tree graph to a feature vector by using the Graph Embedding algorithm; then inputting the feature vector into a model for training and testing; and finally, detecting with the detection model and outputting a test result. The method solves the problem that much malware can generate legitimate HTTP traffic and issue requests periodically, which makes it harder to distinguish normal software from malware and leads to poor classification.

Description

Technical field

[0001] The invention belongs to the technical field of network security and relates to a malware detection method based on an HTTP behavior graph.

Background technique

[0002] Web-based services are increasingly used in Internet applications such as social networking or cloud computing. Additionally, due to the increase in network security threats, system administrators protect their networks by closing inbound ports and allowing outgoing communication only through selected protocols such as HTTP. Therefore, HTTP is a potential communication medium for insider security threats.

[0003] When complex or new types of malware generate legitimate HTTP traffic and behave similarly to normal software, it becomes more difficult to distinguish between normal and malicious activity by monitoring HTTP traffic; however, analyzing HTTP activity is still valuable for the malware detection process. Cybercriminals or Internet spiders use web technologies as a commu...


Application Information

IPC(8): H04L29/06, H04L29/08, G06N3/08
CPC: G06N3/084, H04L63/1416, H04L63/145, H04L67/02
Inventor: 牛伟纳, 张小松, 卓中流
Owner: SICHUAN UNIV